On Sun, Feb 22, 2015 at 01:49:16AM +0100, Florian Schlichting wrote:
On Fri, Feb 20, 2015 at 10:50:20PM +0100, Kurt Roeckx wrote:
On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote:
| RC4 3880.5871
| RC4 Only 3712 0.7918
With TLS it should be no problem to have those weak ciphers in the list
I dont agree with this..
Due to weak crypters avaible and programs ( for example postfix ) offering
them over TLS also cause problems.
Google for : postfix SSL_accept error from for example..
This is mainly due
On Fri, Feb 20, 2015 at 10:50:20PM +0100, Kurt Roeckx wrote:
On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote:
| RC4 3880.5871
| RC4 Only 3712 0.7918
| RC4 Preferred 64613 13.7832
| RC4 forced in
On Fri, Feb 20, 2015 at 06:25:44PM +0100, Kurt Roeckx wrote:
On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote:
What servers, and what clients are we talking about here?
You might want to look at those stats:
On Fri, Feb 20, 2015 at 10:08:48PM +0100, Florian Schlichting wrote:
On Fri, Feb 20, 2015 at 06:25:44PM +0100, Kurt Roeckx wrote:
On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote:
What servers, and what clients are we talking about here?
You might want to look at
Hi Kurt,
To protect our users and comply with adopted Internet standards, openssl
in Debian should no longer include RC4 ciphers in the DEFAULT list of
ciphers, neither in Jessie nor supported stable / oldstable releases.
I fully support that RFC. However I don't think it's a good idea
On Fri, Feb 20, 2015 at 06:10:59PM +0100, Florian Schlichting wrote:
Hi Kurt,
To protect our users and comply with adopted Internet standards, openssl
in Debian should no longer include RC4 ciphers in the DEFAULT list of
ciphers, neither in Jessie nor supported stable / oldstable
On Thu, Feb 19, 2015 at 10:38:14AM +0100, Florian Schlichting wrote:
Package: openssl
Version: 1.0.1e-2+deb7u14
Severity: serious
Tags: security
Newly released RFC 7465 [0] describes RC4 as being on the verge of
becoming practically exploitable and consequently mandates that both
servers
8 matches
Mail list logo